So I am reading through my AWStats logs and saw this: http://www.zone-h.org/defacements/onhold. I think to myself WTF and run the WHOIS, which leads me to http://www.melbourneit.com.au/ with no records. So reading down the logs I see http://www.zone-h.org/en/defacements/page=4/. Interesting - a bunch of sites that have been defaced. Now here is mine - http://www.cd-burner-help.com/blog/wp-content/0wnz/. Anyone else get this yet? I have seen the news that they are now taking to attacking websites online. I am guessing he has gained access via me being stupid - so the question is, how do I lock down from this happening?
I hope you figure out how they got in so others can patch the hole. So much of the software we all run has vulnerabilities. It is maddening. Shannon
I'm not sure your average terrorist is that technologically advanced. I guess you have to find out how they gained access first. Root kit, bad password... Who knows. What do your logs say? What OS is this?
I'm running through the logs now trying to figure it out and have also emailed my host for some help. I don't think it's the password as it's a pretty confusing bunch of letters and digits. Anything I find I'll post here. Thanks folks.
He has been busy - is # for the most visited on my site but country is unknown - I do know he shows as being in Jordan from other websites and I also see a few help posts in WordPress regarding him. The following IPs showed: 69.90.47.37 65.98.57.234 217.160.226.16 64.191.89.37. Not sure if it's him. On zone-h.org there is a listing that contains more info - http://www.cd-burner-help.com/blog/wp-content/0wnz Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.11 FrontPage/5.0.2.2634a mod_ssl/2.8.22 OpenSSL/0.9.7a. Also - the image he used is hosted on securejo.com - the logo on there is the same as he used on another website so I am guessing he is a member:
WHOIS:
Registration Service Provided By: ASEERHOST.COM
Contact: +966.501637371
Domain Name: securejo.com
Expiry Date: 24-Nov-2006
Days Left for Expiry: 280
Record Creation Date: 24-Nov-2005
Domain Status: Active
Domain servers in listed order: dns2.al-royal.com dns1.al-royal.com
Registrant / Administrative / Technical / Billing Contact Details
Name: Feras khaleel
Company: Security.Arab
Email Address:
Address: jordan Jordan / Amman, Jordan / Amman,
City: Jordan / Amman
State: Jordan / Amman
Zip: amman
Country: JO
Tel No.: +966.0000
Fax No.: +966.0000
More info: 18-24 year old Male, Capricorn, from Jordan
IM Handle: Yahoo: eddy.3721 MSN:
About Me: Love my Life and wish the best always for all and Me ...
My Interests: Security eddy.net
Should I be posting all this?